Details of VAR-202509-1748

ID

VAR-202509-1748

CVE

CVE-2025-10792

TITLE

D-Link Corporation of DIR-513 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015605

DESCRIPTION

A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-513 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-513 is a wireless router product from D-Link, a Chinese company. Detailed vulnerability details are currently unavailable

Trust: 2.16

sources: NVD: CVE-2025-10792 // JVNDB: JVNDB-2025-015605 // CNVD: CNVD-2025-23468

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-23468

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-513	scope:	eq	version:	1.10	Trust: 1.0
vendor:	d link	model:	dir-513	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-513	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-513	scope:	eq	version:	dir-513 firmware 1.10	Trust: 0.8
vendor:	d link	model:	dir-513 a1fw110	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-23468 // JVNDB: JVNDB-2025-015605 // NVD: CVE-2025-10792

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-10792
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-015605
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-23468
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-10792
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-015605
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-23468
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-10792
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-015605
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-23468 // JVNDB: JVNDB-2025-015605 // NVD: CVE-2025-10792

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015605 // NVD: CVE-2025-10792

EXTERNAL IDS

db:	NVD	id:	CVE-2025-10792	Trust: 3.2
db:	VULDB	id:	325149	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-015605	Trust: 0.8
db:	CNVD	id:	CNVD-2025-23468	Trust: 0.6

sources: CNVD: CNVD-2025-23468 // JVNDB: JVNDB-2025-015605 // NVD: CVE-2025-10792

REFERENCES

url:	https://github.com/panda666-888/vuls/blob/main/d-link/dir-513/formwps.md	Trust: 1.8
url:	https://github.com/panda666-888/vuls/blob/main/d-link/dir-513/formwps.md#poc	Trust: 1.8
url:	https://vuldb.com/?id.325149	Trust: 1.8
url:	https://vuldb.com/?submit.654049	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-10792	Trust: 1.4
url:	https://vuldb.com/?ctiid.325149	Trust: 1.0

sources: CNVD: CNVD-2025-23468 // JVNDB: JVNDB-2025-015605 // NVD: CVE-2025-10792

SOURCES

db:	CNVD	id:	CNVD-2025-23468
db:	JVNDB	id:	JVNDB-2025-015605
db:	NVD	id:	CVE-2025-10792

LAST UPDATE DATE

2025-10-14T23:27:41.427000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-23468	date:	2025-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2025-015605	date:	2025-10-10T01:54:00
db:	NVD	id:	CVE-2025-10792	date:	2025-10-08T19:36:26.743

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-23468	date:	2025-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2025-015605	date:	2025-10-10T00:00:00
db:	NVD	id:	CVE-2025-10792	date:	2025-09-22T10:15:36.280